Lucene search

[email protected]CVE-2006-2910

HistoryJul 05, 2006 - 6:05 p.m.

CVE-2006-2910

2006-07-0518:05:00

[email protected]

web.nvd.nist.gov

cve-2006-2910

buffer overflow

jetaudio

arbitrary code execution

audio file security

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed.

Affected configurations

NVD

Node

cowon_americajetaudioMatchbasic_6.2.6.8330

CPENameOperatorVersion
cowon_america:jetaudiocowon america jetaudioeqbasic_6.2.6.8330

CPE	Name	Operator	Version
cowon_america:jetaudio	cowon america jetaudio	eq	basic_6.2.6.8330

References

secunia.com/advisories/19456

secunia.com/secunia_research/2006-45/advisory/

www.securityfocus.com/bid/18825

www.vupen.com/english/advisories/2006/2667

exchange.xforce.ibmcloud.com/vulnerabilities/27593

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.4%

JSON

Related for CVE-2006-2910

cvelist1 nvd1 prion1